Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2017-0038

Published: 20/02/2017 Updated: 01/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote malicious users to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows server 2016

microsoft windows server 2008

microsoft windows 8.1

microsoft windows 10 -

microsoft windows 10 1511

microsoft windows 7

microsoft windows server 2008 r2

microsoft windows vista

microsoft windows 10 1607

microsoft windows rt 8.1

Exploits

Exploit DB: Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure
Source: bugschromiumorg/p/project-zero/issues/detail?id=992 In issue #757, I described multiple bugs related to the handling of DIBs (Device Independent Bitmaps) embedded in EMF records, as implemented in the user-mode Windows GDI library (gdi32dll) As a quick reminder, the DIB-embedding records follow a common scheme: they include fou ...

Github Repositories

https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS

CVE-2017-0038-EXP-C-JS 详细漏洞分析和Exploit编写过程已经发表在安全客上: bobao360cn/learning/detail/3644html C Exploit中,少一个printf打印最后的color数组,可以自行添加,也可直接用debug调试观察内存泄露 JS Exploit已经更新一个可以直接打印bitmap的版本

References

CWE-200https://bugs.chromium.org/p/project-zero/issues/detail?id=992https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.htmlhttp://www.securityfocus.com/bid/96023https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JShttp://www.securitytracker.com/id/1037845https://www.exploit-db.com/exploits/41363/https://nvd.nist.govhttps://github.com/k0keoyo/CVE-2017-0038-EXP-C-JShttps://www.exploit-db.com/exploits/41363/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook